On New Year’s Eve, Motherboard broke the news that a hacking group known as The Dark Overlord was threatening to release a cache of stolen insurance and legal documents related to the 9/11 attacks. After distributing a small preview set of files, the group has now publicly released a decryption key for more files, meaning anyone can download and read them.
The news gives insight into how hacking groups may be evolving in their extortion efforts; opting to drip out stolen material bit by bit, while generating public interest through the media and their own announcements, all to exert pressure on the ransom victim.
“We've said it before, and we'll say it again: we're financially motivated, and you (the public) has spoken to us in our language (internet money, specifically Bitcoin),” The Dark Overlord wrote in a message published Friday.
Got a tip? You can contact this reporter securely on Signal on +44 20 8133 5190, OTR chat on firstname.lastname@example.org, or email email@example.com.
Twitter banned The Dark Overlord’s account on Wednesday. Reddit followed suit shortly after. In response, The Dark Overlord is now publishing its announcements on Steemit, a blockchain-based and harder to moderate platform. The Shadow Brokers, a self-described hacking group that released a slew of NSA hacking tools, used the same platform for their communications.
The stolen data itself allegedly comes from a legal firm that advised Hiscox Group, a Hiscox spokesperson previously told Motherboard in a statement. The previously released documents included presentation slide decks, legal correspondence between law firms, and letters from a handful of government agencies. 9/11 conspiracy theorists have been particularly interested in the release of the documents, with internet commenters and several conspiracy-minded YouTubers making videos saying that they hope they will somehow reveal a vast conspiracy around the attacks.
Motherboard successfully decrypted this new release with the provided key. The material appears to be much in the same vein, but larger, with the archive sizing in at around 70MB.
In all, The Dark Overlord’s encrypted archive, which the group distributed to journalists and has put online for anyone to download, comes in at around 10GB. The majority of it remains locked off, however.
The group released the data after receiving 3 bitcoin, or around $11,000, as part of its self-announced crowdfunding effort.
“Continue to keep the bitcoins flowing, and we'll continue to keep the truth flowing. Remember, Cyber-Cash for Cyber-Cache,” the group’s message adds.
Subscribe to our new cybersecurity podcast, CYBER.